From c0bd106b31e7ceddac35cced23cb32989ac7c8e1 Mon Sep 17 00:00:00 2001 From: "martin f. krafft" Date: Wed, 20 Feb 2008 12:34:03 +0100 Subject: [PATCH] fix sql escaping and sqlite error reporting --- procmail/msgid-index | 7 +++---- procmail/record-delayed-mail | 7 +++---- procmail/sql-escape | 12 ++++++------ 3 files changed, 12 insertions(+), 14 deletions(-) diff --git a/procmail/msgid-index b/procmail/msgid-index index 102dacc..caccf83 100644 --- a/procmail/msgid-index +++ b/procmail/msgid-index @@ -14,10 +14,9 @@ DATA="$FROM,$NL$ORIGINAL_TO,$NL$SUBJECT,$NL$MSGID" INCLUDERC=$PMDIR/sql-escape QUERY="insert into messages (sender, recipient, subject, msgid, filename, dest) values ( - $DATA, '\\'$THISLOGFILE_REL\\'', '\\'\$DESTFILE\\''); - select * from messages where filename = '\\'$THISLOGFILE_REL\\''" -TRAP="$TRAP; case \"$($DO_QUERY '$QUERY')\" in '') - echo 'msgid-index: failed to insert reference into database';; esac" + $DATA, '$THISLOGFILE_REL', '\$DESTFILE');" +TRAP="$TRAP; OUT=\"$(echo \"$QUERY\" | $DO_QUERY 2>&1)\"; + [ -n \"\$OUT\" ] && echo \"msgid-index: failed to insert reference into database: \$OUT\"" QUERY DATA diff --git a/procmail/record-delayed-mail b/procmail/record-delayed-mail index 72ff6b8..c8256e1 100644 --- a/procmail/record-delayed-mail +++ b/procmail/record-delayed-mail @@ -8,10 +8,9 @@ DO_QUERY="$SQLITE $DELAYED_QUEUE_DB" DATA="$MSGID" INCLUDERC=$PMDIR/sql-escape -QUERY="insert into messages values ($DATA, '\\'\$DESTFILE\\'', $RELEASE_TS); - select * from messages where msgid = $DATA" -TRAP="$TRAP; case \"$($DO_QUERY '$QUERY')\" in '') - echo 'delay: failed to insert reference into database';; esac" +QUERY="insert into messages values ($DATA, '\$DESTFILE', $RELEASE_TS);" +TRAP="$TRAP; OUT=\"$(echo \"$QUERY\" | $DO_QUERY 2>&1)\"; + [ -n \"\$OUT\" ] && echo \"delay: failed register delayed mail in database: \$OUT\"" QUERY DATA diff --git a/procmail/sql-escape b/procmail/sql-escape index 08d0903..02c090a 100644 --- a/procmail/sql-escape +++ b/procmail/sql-escape @@ -1,13 +1,13 @@ -SQ="'\\''" -SQE="'\\\''" - :0 * DATA ?? . { + # 1. replace ' with '' + # 2. add quotes to each line + # 3. swap comma outside DATA="`echo \"$DATA\" \ - | sed -re 's,'\'','$SQE$SQE',g;' \ - -e 's/^.*$/'\$SQE'&'\$SQE'/' \ - -e 's/,'$SQE'$/'\$SQE',/'`" + | sed -re \"s,','',g\" \ + -e \"s/^.*$/'&'/\" \ + -e \"s/,'$/',/\"`" } :0 E -- 2.39.5